Method and system of generating audit procedures and forms

ABSTRACT

The present invention provides a computer-implemented method for automatically generating and placing documents associated with a tax and accounting related engagement, for example assessing risks associated with an audit. A user is presented with a plurality of audit items and a set of risk levels associated with the audit items and may also be presented with a plurality of prompts designed to elicit a set of responses from the user. The set of user responses being associated with a set of risks associated with the audit. The set of risk levels being associated with a set of assertions associated with the audit items and may include first and second risk levels of different degrees. The method further includes processing a set of responses received from the user in response to the items presented. The method includes automatically generating a suggested audit approach that is based at least in part on the processed responses. The method further includes automatically generating documents associated with the suggested audit approach and placing the automatically generated documents within a predefined set of folders. The method may also determine a set of procedures that are based on the responses. The set of procedures are presented to the user based on the suggested audit approach.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of application Ser. No.11/977,288, filed Oct. 24, 2007, for a Method and System of GeneratingAudit Procedures and Forms, which is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to the provision of and tools to assist inthe provision of professional services, specifically including auditingservices. More particularly, the present invention relates tocomputer-implemented tools, resources, and processes for conductingaudits.

BACKGROUND OF THE INVENTION

As companies continue to strive for efficiency, consistency andflexibility, computers and software executed on computers areincreasingly relied upon to automate, semi-automate, enhance, quickenand make reliable and uniform business processes. This is true even infields of professional service providers, such as financial auditors,and fields in which standardized procedures and documents governacceptable and “best” practices. For instance, organizations, such asFASAB (Federal Accounting Standards Advisory Board), FASB (FinancialAccounting Standards Board), AICPA (American Institute of CertifiedPublic Accountants), IASB (International Accounting Standards Board),the SEC, and PCAOB (Public Company Accounting Oversight Board)promulgate rules and regulations, e.g., GAAS (generally acceptedauditing standards), GAAP (generally accepted accounting principles),and IFRS (International Financial Reporting Standards), that govern theway companies are reviewed for integrity of financial accounting andoperation. GAAS is principally comprised of ten auditing standardsdeveloped by AICPA that establish general standards (3) and standardsrelated to field work (3) and reporting (4), including whether thereport is in accordance with GAAP, and related interpretations.

In the field of auditing, although GAAP and GAAS provide guidelines bywhich auditors should conduct audits, there is a significant amount ofleeway and many variables that leave to the professional and his or herassessments determining the set of procedures required under theparticular set of circumstances. This may also depend on the purpose andthe intended audience to receive and interpret/rely on the report, andwhether the entity being audited is public or non-public orgovernmental. Whether public or non-public, investors, banks, and otherpersons of interest rely on financial accounting information whendetermining whether to invest in a company, grant a loan to a company,merge with a company, etc. Standards are intended to promote bestpractices and uniformity, and therefore reliability, in the auditingprocess so that the resulting report may be viewed as unbiased, accurateand trustworthy.

Companies, such as Thomson Corporation, provide tools, resources andservices to assist accountants and auditors. For instance, Thomson PPC'se-Practice Aids is a series of titles or Guides that give guidance andprovide materials and procedures consistent with standards, e.g., PPC'sGuide To Audit Of Nonpublic Companies, 25^(th) Edition, January 2007.Auditors may rely on the Guides or titles in conducting audits.Electronic tools, for instance Thomson's e-Tools, and electronicversions of guides, Thomson e-Practice Aids, help auditors take theirtools and resources With them when conducting field work or may makethem accessible from remote locations or at least electronically.Computers are also helpful in collecting client data and capturingassessment data. What is needed is an integrated system for conductingaudits and for processing collected and risk related assessment data todetermine and generate and present a suggested audit approach and set ofprocedures consistent with relevant standards and guides, thengenerating documents containing those procedures and providing theauditor with quick access to such documents for use in an audit and astructure for efficient document storing and handling.

SUMMARY OF THE INVENTION

The present invention addresses the shortcomings of the prior art andprovides, among other things, a powerful computer-implemented tool toassist in making risk assessments and for generating procedures,conducting audits, and coordinating documents and other work product inassessing risks associated with business processes and operations. Moreparticularly, the present invention relates to a system of creating andgenerating auditing procedures in response to identified risks and riskassessments. The present invention comprises a logic scheme wherein anauditor is prompted with a series of questions or prompts forinformation and the answers or responses given by the auditor are usedas input to the logic sequence in determining the procedures the auditorwill use when performing the audit. The present invention may be used byauditors in performing audits of non-public as well as public companies,governmental organizations, and other entities and typically involvesthe generation of work product capturing or summarizing the effort andunderlying basis for opinions associated with the effort.

In one respect, the invention provides a professional services audittool that includes an application that performs a variety of functionssuch as completing certain audit planning processes/forms (includingassessing risks related to the financial statements being audited),offering a tailored set audit programs based on the assessed risks,allowing users to further tailor the suggested audit programs, andrendering theses audit programs in a helpful format, e.g., ThomsonCorporation's PPC SMART e-Practice Aids format. In one manner, to usethe application, each user also must own and have a valid licenseinstalled of an associated practice aid product or suite, e.g.,Thomson's e-Practice Aid product. In this example, the e-Practice Aidcorresponds to one of a set of audit types or titles.

The present invention includes one or more of the following advantageswhereby users may: complete audit planning documentation; identify andcapture audit risks affecting your engagement; select an audit strategyin response to the user's risk assessment; automatically generatesuggested audit programs and procedures; efficiently customize using GUIdrag and drop functionality; produce tailored practice aids for theparticular engagement such as in performing an audit; automate the auditplanning and risk assessment process; optimize the user's professionalaudit judgment; improve linkage between audit risk and proceduresperformed; increase audit effectiveness and reduce risk; and increaseconsistency across audit engagements.

One further benefit of the present invention is that an auditor can besure to include all relevant information in the audit procedures withoutsacrificing detail. The prompt-response method of the present inventiondirects the auditor to consider piecemeal whether each individualcomponent of the possible audit procedures should be included. By doingthis, the audit procedures will be far clearer and less confusing toboth the auditor and the audited parties.

The auditor as described in the present invention is intended to includeevery person who may use the program to assess risk facing anenterprise. The applications in the context of auditing cover, forexample, the following categories: accounting, audit & attest;compilation and review; non-profit organizations; governments;specialized industries; and bookkeeping services.

Once the auditor has responded to certain prompts, a series of tailoredaudit procedures will be created corresponding to each audit area theauditor has selected. Audit areas are intended to include cash, accountsreceivables and sales, inventory and costs of sales, inventoryobservation, property, investments and derivatives, other assets,accounts payable and other liabilities, notes payable and long-termdebt, income taxes, equity, and incomes and expenses.

The above-mentioned audit procedures are created using a logic systembased primarily on the input of assertions associated with Risk ofMaterial Misstatement (RMM), but include such other facts as fraudrisks. In one manner, when one or more or a particular combination ofassertions are evaluated to be “high,” one or more extended procedureswill be suggested when creating or generating the audit procedures. Theextended procedures suggested will relate particularly to that area orassertion that is deemed to be a high risk. If no high risks areinvolved with the particular audit, then the “Basic” approach will besuggested. An exception exists where the risk is moderate and there is arisk of fraud or other significant risk. In such instances, an Extendedapproach will be suggested for that assertion.

The term “assertion” as used herein means representations that areembodied in components being audited.

Areas of the generated audit procedures will be filled in by informationinputted during the engagement process and planning forms of FIGS. 2-13(j). Content is placed in particular places within the generated documentusing the bookmarks and cross-reference feature of Microsoft Word fromthe Microsoft Office. Forms tailored by variable data input are known as“smart” forms. Exemplary technology that may be used to accomplish the“on the fly” creation of documents includes one or more of XML,Microsoft WORD object model and WORD templates.

The present invention is intended to be medium-neutral, being equallycapable as a desktop program, a web-enabled program, a web-basedprogram, and any variation thereof, being broad enough to include allfuture mediums.

In one embodiment the present invention provides a system for assessingrisks associated with an audit. The system comprises: a computer havingan associated memory, display, and input device and adapted to executecode; a graphical user interface adapted to operate on the computer andadapted to present a plurality of audit items and a set of risk levelsassociated with the plurality of audit items and adapted to receive aset of responses by the input device; a response code set adapted to beexecuted on the computer and adapted to process the set of responses;and an audit code set adapted to be executed by the computer and adaptedto automatically generate a suggested audit approach based at least inpart on the set of responses. In addition, the graphical user interfacemay be adapted to present a set of prompts designed to elicit the set ofresponses, the set of responses being associated with a set of risksassociated with the audit. Further, the audit code set may be furtheradapted to present by the graphical user interface a set of proceduresbased at least in part on the suggested audit approach. Also, theresponses may represent a set of assertions of risk level associatedwith the plurality of audit items.

The system may further comprise a selection code set adapted to provideselection of a set of at least two audit approaches comprising thesuggested audit approach and an alternative audit approach. Thesuggested audit approach may be either basic or extended, for example.The set of risk levels may comprise a first risk level, a second risklevel, and a third risk level. Also, in the system each response in theset of responses may be a selected risk level from the set of risklevels and wherein the first risk level is low, the second risk level ismoderate, and the third risk level is high. The graphical user interfacemay be further adapted to present an electronic audit form associatedwith an audit and the electronic form may comprise the plurality ofaudit items and possible risk levels. The audit code set may be furtheradapted to determine a set of procedures based at least in part on theset of responses. The audit code set may be further adapted to present aset of electronic documents associated with the suggested auditapproach.

In another embodiment the invention provides a computer-implementedmethod or process for assessing risks associated with an audit. Theprocess includes the step of presenting to a user a plurality of audititems and a set of risk levels associated with the plurality of audititems. The presenting step may further comprise presenting a pluralityof prompts designed to elicit a set of responses from a user/auditorwherein the set of user responses are associated with a set of risksassociated with the audit. Further, the set of risk levels may beassociated with a set of assertions associated with the plurality ofaudit items. Also, the set of risk levels may include at least a firstrisk level and a second risk level of different degrees of risk. Themethod further includes the step of processing a set of responsesreceived from the user in response to the items presented. The methodincludes the step of automatically generating a suggested audit approachthat is based at least in part on the processing step.

In addition, the exemplary method may include the following steps. Thestep of determining a set of procedures that are based at least in parton the responses from the response processing step. An additional stepinvolves presenting the set of procedures to the user based at least inpart on the suggested audit approach. The method may also include thestep of presenting the user with a set of at least two audit approachescomprising the suggested audit approach and an alternative auditapproach from which the user may select. The suggested audit approachmay be one of basic, limited or extended. In the method, each responsein the set of responses may be a selected risk level from the set ofrisk levels representing different levels of risk. The presenting stepmay include presenting an electronic audit form associated with theaudit being performed by the user. The electronic form may comprise theplurality of audit items and the set of risk levels. The automaticallygenerating step may further include determining a set of proceduresbased at least in part on the set of user responses and the suggestedaudit approach may include presenting the set of procedures.

The method may also include the step of editing the determined set ofprocedures from the generating step to result in a customized set ofprocedures. The method may also include the step of presenting a set ofelectronic documents associated with the suggested audit approach.

The system may be configured and the method may be performed in avariety and combination of environments and architectures, includingInternet/WWW-based applications, desktop applications, and WWW-enabledapplications. In one exemplary architecture, a user at a remoteworkstation may have executing thereon software so that the user is notwriting back to the central server database until the user chooses tosave changes made. Until the changes are saved, the user is working inshort-term memory and the user has the ability to perform “what if”scenarios.

The present invention builds on existing practice aids to provide anintegrated audit planning and risk assessment approach to engagements.The invention provides an audit tool that allows auditors to completeaudit planning documentation, identify and capture audit risks affectingthe engagement, automatically generate suggested audit programs, selectfrom suggested and alternative audit strategies responsive to auditorrisk assessment, customize audit program aspects with user-friendly GUIand drag and drop functionality, and produce tailored practice aids forthe engagement. To a large extent the present invention may be used toautomate the audit planning and risk assessment process, optimizejudgments, improve linkage between audit risk and procedures performed,increase audit effectiveness and reduce risk, and increase consistencyacross audit engagements. These and other objects and benefits of thepresent invention are made more apparent with the aid of the followingdescription and figures.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to facilitate a full understanding of the present invention,reference is now made to the accompanying drawings, in which likeelements are referenced with like numerals. These drawings should not beconstrued as limiting the present invention, but are intended to beexemplary and for reference.

FIG. 1 depicts an exemplary system embodiment of the present invention;

FIG. 2 depicts a flowchart illustrating one embodiment of the presentinvention;

FIG. 3 depicts a screen shot illustrating exemplary functionality foruse in conjunction with the present invention;

FIG. 4 depicts a flowchart illustrating a risk assessment aspect of thepresent invention;

FIG. 5 depicts an exemplary screen for selecting audit areas related toa particular engagement;

FIG. 6 depicts an Engagement Acceptance Form and related screen for usein a client assessment aspect of the present invention;

FIG. 7 depicts a risk identification screen where an auditor may enterand describe a type of risk in keeping with the present invention;

FIG. 8 depicts an Understanding the Entity and its Environment screenused in gathering audit related data;

FIG. 9 depicts an Engagement Team Discussion form and related screen inkeeping with the present invention;

FIG. 10 depicts the Fraud Risk Inquiries Form and related screen inkeeping with the present invention;

FIG. 11 depicts the Understanding the Design and implementation ofInternal Control form and related screen in keeping with the presentinvention;

FIG. 12 depicts the Risk Identification Form and related screen inkeeping with the present invention;

FIG. 13 depicts an exemplary audit area Risk Assessment Summary Form andrelated screen in keeping with the present invention;

FIG. 14 depicts the risks entered in FIG. 7 that are identified as arisk to the overall finance statements;

FIG. 15 depicts a screen shot illustrating the procedures generated byinputted data related to one of the audit area audit programs;

FIG. 16 depicts a screen illustrating procedures for performing an auditreport;

FIG. 17 depicts a diagnostic report and related screen in keeping withthe present invention;

FIG. 18 depicts the generated audit form and related screen in keepingwith the present invention;

FIG. 19 depicts a preview of an audit form generated by software of thepresent invention;

FIG. 20 depicts a file containing all forms generated by the program;and,

FIG. 21 depicts an exemplary Generate Audit Programs screen in keepingwith the present invention.

FIG. 22 depicts an exemplary toolbar associated with an engagementsolution for providing an efficient tool to standardize procedures intax and accounting applications;

FIG. 23 depicts an exemplary screen with a default client engagementwindow in keeping with the present invention;

FIG. 24 depicts a General Audit Programs screen in keeping with thepresent invention;

FIG. 25 depicts a screenshot of an exemplary engagement documentplacement folder arrangement associated with the particular engagementin keeping with the present invention; and

FIG. 26 depicts a screenshot of the generated documents as filed in theappropriate places in keeping with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The present invention will now be described in more detail withreference to exemplary embodiments as shown in the accompanyingdrawings. While the present invention is described herein with referenceto the exemplary embodiments, it should be understood that the presentinvention is not limited to such exemplary embodiments. Those possessingordinary skill in the art and having access to the teachings herein willrecognize additional implementations, modifications, and embodiments, aswell as other applications for use of the invention, which are fullycontemplated herein as within the scope of the present invention asdisclosed and claimed herein, and with respect to which the presentinvention could be of significant utility.

In one respect, the invention provides a professional services audittool that includes an application that performs a variety of functionssuch as completing certain audit planning processes/forms (includingassessing risks related to the financial statements being audited),offering a tailored set of audit programs based on the assessed risks,allowing users to further tailor the suggested audit programs, andrendering these audit programs in a helpful format, e.g., ThomsonCorporation's PPC SMART e-Practice Aids format. In one manner, to usethe application, each user also must own and have a valid licenseinstalled of an associated “practice aid,” e.g., Thomson's e-PracticeAid product. In this example, the practice aid corresponds to one ofeleven audit types, also referred to herein as “titles.” An exemplarylist of audit types or titles that are supported by the Risk Assessmentsystem of the present invention includes: Guide to Audits of NonpublicCompanies; Guide to PCAOB Audits (i.e., audits of publicly-tradedcompanies); Guide to Audits of Nonprofit Organizations; Guide to Auditsof Local Governments; Guide to Audits of Employee Benefit Plans; Guideto Construction Contractors; Guide to Dealerships; Guide to Audits ofFinancial Institutions; Guide to Homeowners' Associations and OtherCommon Interest Realty Associations; Guide to HUD Audits; and Guide toSingle Audits (audits that comply with government and non-profit “singleaudit” rules, regulations and guidelines). One advantage of thisembodiment of the invention is that it enables a user to obtain agreater understanding of the entity under audit or review and itsenvironment, review internal control, perform a more rigorous riskassessment, provide linkage of assessed risks of material misstatement(RIMM) to the user's audit procedures at the assertion level, and meetnew and expanded documentation requirements.

Referring now to FIG. 1, a system 100 is shown for implementing a riskassessment and audit program and providing a tool that creates andgenerates audit procedures based on risk assessments and assertionsidentified during an audit. The system 100 comprises a central side 102,a remote audit work station 104 and a local client-side facility 106. Inthis example, a user 108, such as a professional conducting an audit,may use a mobile or local device, such as a wireless-enabled notebookcomputer 110 to connect to the central side 102 and/or the client side106 via communication links. This configuration is one of many and isnot limiting as to the invention. For example, in one alternativeconfiguration user 108 may use the application fully self-containedwithin a desktop environment, e.g., as shown within 104, and may utilizea local database 119, such as SQL 2005 or above or SQL Express or othersuitable database. The communication links may be a combination ofwireless, LAN, WLAN, ISDN, X.25, DSL, and ATM type networks, forexample. The user notebook 110 may comprise a typical combination ofhardware and software including system memory 112, operating system 114,application programs 116, graphical user interface (GUI) 118, processor120, and storage 122 which may contain electronic information 124 suchas forms, practice aids, titles, data, procedures and the like. Theoperating system 114 shall be suitable for use with the risk assessmentfunctionality described herein, for example, Microsoft Windows Vista(business, enterprise and ultimate editions), Windows 2000 with SP4 orWindows XP Professional with SP2. Also, the risk assessment inventionmay be browser-based and/or may include custom integration withMicrosoft Office applications, e.g., Outlook, Word and Excel.Application programs 116 may include, for example, Microsoft Office2007, Office XP with SP2, or Office 2003 with SP1 applications. Thesoftware and related tools, procedures, forms and data used to implementthe risk assessment processes may be accessed by the machine 110 via theInternet or it may be loaded onto the machine via CD-ROM or other mediaor a combination of such means. The system requirements in oneembodiment may require the machine 110 to be compatible with minimumthreshold levels of processing capabilities, e.g., Intel Pentium III,speed, e.g., 500 MHz, and other parameters.

For purposes of discussion, an exemplary central side 102 may comprise acentral server and database 126, user interface peripherals such asdrives (not shown) monitor 128, keyboard 130, and printer 132. Thecentral server and database 126 may be used to communicate remotely, orlocally for that matter, with the user's machine 110 and may load, pass,receive information and instructions, such as software executable on themachine 110 and data, forms, titles, guides, procedures and the like forstoring and using locally by the user on machine 110. A communicationlink 103 may be established between central side 102 and userworkstation 104 for updating data and software used by the user duringauditing processes. The central side 102 may also include one or moreapplication servers 134 and other devices to help facilitate theexchange of software and data between the user 108 and the central side102. The central side 102 may be associated with a professional servicescompany, such as an accounting firm, in the business of conductingaudits.

The local client-side facility 106 is illustrated for exemplary purposesonly as including a server 136 or the like to provide a communicationlink 105 between the user machine 110 and the client-side system asrequired, if at all, in the auditing process. The client-side facility106 may include a network 142 of computers 140, such as over a LAN,WLAN, Ethernet, token ring, FDDI ring or other communications networkinfrastructure. The client-side facility may also include a database 138or other data storage component. In conducting an audit of a companyassociated with facility 106, the user 108, in one optional manner, mayaccess data and/or the network 142 as necessary to review documents andprocesses of the company to prepare assessments and identify risksassociated with company operations. In conducting and completing theaudit engagement, the user 108 inputs data, calls upon audit tools, suchas titles and procedures stored locally or remotely at the central side102.

The system 100 may be Internet or (World Wide) WEB-based, desktop-based,or application WEB-enabled. Also, the present invention supports a“disconnected use” of the software in that the software may be designedso that a user 108 does not write back to the central server database126 and/or the local database 119 until the user chooses to “save” orstore the changes. Prior to saving changes, the user 108 may work inshort-term memory. This feature has the benefit of allowing the user 108to perform “what if” scenarios and examine results of these scenarios.

FIG. 2 is a flowchart illustrating an embodiment of the invention thatprovides a computer-implemented process 200 for assessing risksassociated with an audit. The process 200 includes the step 202 ofpresenting to a user a plurality of audit items and a set of risk levelsassociated with the plurality of audit items. Presenting step 202 mayfurther comprise presenting a plurality of prompts designed to elicit aset of responses from a user/auditor wherein the set of user responsesare associated with a set of risks associated with the audit. Further,the set of risk levels may be associated with a set of assertionsassociated with the plurality of audit items. Also, the set of risklevels may include at least a first risk level and a second risk levelof different degrees of risk. Step 204 is processing a set of responsesreceived from the user in response to the items presented in step 202.In step 206 the process automatically generates a suggested auditapproach that is based at least in part on the processing step 204.

Still with reference to FIG. 2, the process 200 may optionally includeone or more of the following steps. In step 208, the process includesdetermining a set of procedures that are based at least in part on theresponses from step 204. At step 210, the set of procedures arepresented to the user based at least in part on the suggested auditapproach of step 206. The process may also include step 212 whereby auser is presented a set of at least two audit approaches comprising thesuggested audit approach and an alternative audit approach from whichthe user may select. In addition, the suggested audit approach may beone of basic, limited or extended. In the process 200, each response inthe set of responses may be a selected risk level from the set of risklevels representing different levels of risk. The presenting step 206may include presenting an electronic audit form associated with theaudit being performed by a user. The electronic form may comprise theplurality of audit items and the set of risk levels. The automaticallygenerating step 206 may further include determining a set of proceduresbased at least in part on the set of user responses and the suggestedaudit approach may include presenting the set of procedures. The process200 may also include step 214 of editing the determined set ofprocedures from the generating step 206 to result in a customized set ofprocedures. The process 200 may also include step 216 of presenting aset of electronic documents associated with the suggested auditapproach.

The process 200 may be performed in a variety and combination ofenvironments and architectures, including Internet/WWW-basedapplications, desktop applications, and WWW-enabled applications. In oneexemplary architecture, a user 108 at a remote workstation 110 may haveexecuting thereon software so that the user is not writing back to thecentral server database 126 until the user 108 chooses to save changesmade. Until the changes are saved, the user is working in short-termmemory and the user has the ability to perform “what if” scenarios.

FIG. 3 is a screen shot of an exemplary practice aid comprising customcontent and functionality built into the Word application. Shown is amenu representing custom audit functionality in the pull-down windowwith “View Practical Considerations” checked. Shown on the screen isrepresented the audit area “Inventory and Cost of Sales” in a practiceaid form that provides direction and captures risk assessmentinformation on Financial Statement Assertions (FSAs) and other datapoints.

FIG. 4 is a flowchart to help illustrate the logic 400 associated withassigning levels of risk associated with different assertions and howbased on the assertions and assigned risk levels basic or extendedprocedures may be included in a suggested audit approach. Assertions 402through 412 are similar to the FSAs of FIG. 3. For example, if allassertions 402 through 412 are assigned a low risk level then basicprocedures 414 will be suggested. If some or all of assertions 402through 412 are assigned a moderate risk level then basic procedures 414will be suggested—unless a separate significant or fraud risk 420assertion is indicated. Whereas, if one or more of the assertions 402through 412 are assigned high level of risk, then extended procedures418 may be included in the suggested audit approach. A combination ofbasic and extended procedures may be included in a suggested auditapproach.

With regard to initiating an engagement and with reference to FIG. 1,the GUI 118 may be used to present a user 108 with an introductoryscreen to interface the system of creating auditing procedures inresponse to a field of identified risks. For example, the introductoryscreen may give auditors or users 108 the option to begin a newengagement or continue an existing engagement. For example, the auditor108 may begin a new engagement by either clicking on a page icon on acommand bar or going to pull-downs, e.g., “file”>> “new.” Once anauditor 108 begins a new engagement, GUI 118 may present the user with asubsequent screen to allow the auditor 108 to input client information.For instance, the auditor may input the client's name, a particularizedname for the engagement, and an audit type or title, e.g., a Thomsone-Practice Aid Title, which may be in the form of Microsoft Word andExcel documents, checklists and templates. The risk assessment processof the present invention allows users to identify risks of materialmisstatement and may be integrated with professional tool applicationsand suites of applications, for example, Thomson Corporation's e-Tools™Suite, including PPC's e-Practice Aids, e-Workpapers, InteractiveDisclosure Libraries, and Engagement Letter Generator products. The riskassessment invention may also involve internal control processes orinformation and may involve assessing control risks. The risk assessmentprocess may include a performance and reporting aspect involvingevaluating acceptance and involve accessing external resources such asHoover's reference. This may also include evaluating continuance in thecontext of roll-forward acceptance and continuance decisions.

For example, an auditor may select a client's name from a drop-down boxwhere client names are presented. Alternatively, an auditor may input anew unique entry directly into the client's name data field. An audittitle is selected from a list of available choices, examples of whichare provided above, which includes “Audits of Nonpublic Companies.” Inone implementation, an auditor may be limited in the selection ofpractice aid titles. By limiting the number of practice aid titles, thesoftware may be managed according to the practice aid title. An auditordetermines whether the engagement is an initial audit or whether it isrelated to a previous audit. Managing an audit in this way is beneficialbecause it allows an auditor to work on an audit in stages anddetermines whether initial audit procedures are automatically included.

FIGS. 5 through 21 and the following text provide a more detaileddescription of the engagement and risk assessment process. Thecomputer-implemented audit tool described herein allows auditors tocomplete audit planning documentation, identify and capture audit risksaffecting the engagement, automatically and dynamically generatesuggested audit programs, select from suggested and alternative auditstrategies responsive to auditor risk assessment, customize auditprogram aspects with user-friendly GUI and drag and drop functionality,and produce tailored practice aids for the engagement. The riskassessment process also may include diagnostic capabilities to aid theauditor in identifying inconsistencies in the audit program. Additionalfeatures that may be implemented in keeping with the invention are theability to roll-forward an engagement based on a prior period engagementand the ability to aggregate information from various tools and practiceaids and implement changes to or additional risk assessment standardsacross an audit platform and multiple engagements. To a large extent thepresent invention may be used to automate the audit planning and riskassessment process, optimize judgments, improve linkage between auditrisk and procedures performed, increase audit effectiveness and reducerisk, and increase consistency across audit engagements. The inventionand its various features are described in more detail below.

In one embodiment of the invention, an auditor initiates an engagementand completes planning forms and identifies risks. Next the auditorassesses risks and determines audit strategies. Next, the systemautomatically generates an audit program and the auditor may customizethe program. Next, the auditor may run diagnostics to identifyinconsistencies. In more detail, after the engagement has been createdor continued, as described above, FIG. 5 illustrates a screen shotpresented to a user 108 of audit areas to be included in an audit for aparticular engagement. FIG. 5 displays the audit areas to be included inthe audit. Exemplary audit areas 30 may include cash, accountsreceivables and sales, inventory and costs of sales, inventoryobservation, property, investments and derivatives, other assets,accounts payable and other liabilities, notes payable and long-termdebt, income taxes, equity, and incomes and expenses. An auditor canchoose whether each of these or other areas will be considered in anaudit. Further, an auditor has the option of adding an audit area. Whenat least one or more of these areas are selected for inclusion in theaudit, a series of questions and subsequent screens will be generated tofacilitate the creation of a set of audit procedures to be completed bythe auditor that are tailored to the audited entity. These audit areasact as the parameters for the audit report and will be the aspects uponwhich the risk assessment is calculated.

FIG. 5 shows an introductory screen for easy navigation of the auditprocess. It is not necessary that any stage of the process be conductedfirst once the engagement has been created. At all times an auditor mayskip forwards and backwards in the leftmost navigation pane. Theleftmost navigation pane consists of categories for the identificationof risks, assessing the effects of those risks, review and modificationof audit programs, and generating planning forms and audit programs. Theintroductory screen gives an auditor an understanding of thesignificance of each individual category and what the auditor is meantto accomplish in each category. The introductory screen further assiststhe auditor by offering a tutorial to assist the auditor in conductingthe audit preparation.

FIG. 6 depicts an engagement acceptance form screen having a navigationside pane and an identified risks side pane. This screen allows theauditor to give an initial assessment on whether they can perform theaudit being requested. An auditor will input answers to questions suchas the type of service being requested. Within the engagement acceptanceform 60, there are practical considerations 61 identified in blue. Anauditor can select to hide all practical considerations. Practicalconsiderations consist of advice given to the auditor. The engagementacceptance form 60 also is designed for the input of brief descriptionof the services to be performed by the auditor. Further, communicationswith the party seeking the audit are noted here. This screen alsoaddresses any conflicts of interest to help ensure a professional andtrustworthy report.

FIG. 6 shows a right pane where an auditor may add specific identifiedrisks. A risk might be identified at any stage of the audit, and thecompletion of engagement acceptance form. Understanding the Entity andits Environment form illustrated in FIG. 8 and similar forms providebases for the auditor to identify applicable risks. An auditor clicksthe “Add Risk” box in FIG. 6, and the screen of FIG. 7 appears. FIG. 7depicts a fraud identification screen where an auditor may enter a typeof risk and describe it in any way. The auditor will determine whetherthis risk is a fraud-related risk and whether it is significant enoughto warrant special consideration. Similar to the engagement setup ofFIG. 4, the auditor selects audit areas affected by the risk, or mayselect “overall financial statements” if all audit areas in thefinancial statements will be at risk.

In FIG. 8, the Understanding the Entity and its Environment form andassociated screen are directed to the goal of having the user betterunderstand the entity being audited. When auditing a business, it isimportant that the auditor review not only the financial aspects of thebusiness, but how the business operates and its financial plans. Here,the auditor inputs certain information about the entity being auditedincluding their address, structure, ownership, governance. The auditorlists known transactions with related parties such as subsidiaries andother affiliated corporations. The auditor will input the type ofindustry in which the audited entity operates, including any applicableregulations which affect that industry. If one certain operations of theentity are being audited, the Auditor may explain what other operationsthe entity is engaged in.

FIG. 9 depicts an Engagement Team Discussion form screen. The engagementteam discussion form 80 screen allows the auditor to record the names ofthe persons authorized to disclose information about the entity. On thisscreen, the name and title of each person authorized to discloseinformation within this meeting would be recorded, as would alldecisions resulting from this meeting.

FIG. 10 depicts the Fraud Risk Inquiries Form screen. The auditor usesthis screen to document the questions the auditor has asked selectedemployees of the entity and record their answers. This screen is for thebulk of the investigative functionality of the job of an auditor. TheFraud Risk Inquiries Form suggests questions as well as areas toconsider when preparing questions.

FIG. 11 depicts the “Understanding the Design and implementation ofInternal Control form” screen. The auditor uses this screen to obtain asufficient knowledge of the control environment to understand theattitudes, awareness, and actions of those governing the entity thatrelate to internal control and its importance in achieving reliablefinancial reporting and obtain a sufficient knowledge of the entity'srisk assessment process to understand how management identifies businessrisks that may affect the financial statements and determines how toaddress those risks. The screen and overall system help auditors obtaina sufficient knowledge of the audited entity's internal controlcommunication process to understand how roles, responsibilities, andsignificant matters related to financial reporting are communicated.

FIG. 12 depicts the “Risk Identification Form” screen. The auditor usesthis form to identify potential risks in financial statements. Here, theauditor inputs risks related to the industry, the entity (including butnot limited to its structure, its governance, its investment strategy),and indications of fraud.

FIG. 13 depicts an initial risk assessment summary form. Risk assessmentsummary forms are the aspect of the present invention wherein usersrespond to predetermined questions with answers related to the risk ofcertain assertions. The presentation of identified risks and riskassessments in FIG. 13 may be referred to as the presenting step.Assertions are representations that are embodied in components beingaudited and include existence or occurrence, completeness, rights andobligations, valuation and allocation, accuracy and classification, andcutoff. There are three types of audit risk for which assertions must bemade. The type of audit risks include inherent risk (IR), control risk(CR), and the assessed risk of material misstatement (RMM). The inherentrisk is the susceptibility of a relevant assertion to a misstatementthat could be material, either individually or when aggregated withother misstatements, assuming there are no related controls. The controlrisk is the risk that a misstatement that could occur in a relevantassertion and that could be material, either individually or whenaggregated with other misstatements, will be not prevented or detectedon a timely basis by the entity's internal control. The assessed RMM isthe product of IR and CR and may be automatically calculated, but may bemanually altered by the auditor. The risk levels inputted under IR, CRand RMM are of three levels, an example of which might be low, moderateand high, but is not limited to such terms.

As used herein, the term assertion means representations that areembodied in components being audited. For example, Statement on AuditingStandard No. 106, Audit Evidence (SAS No. 106), issued by the AmericanInstitute of Certified Public Accountants (AICPA), provides thatassertions used by the auditor fall into the following categories:

a. Assertions about classes of transactions and events for the periodunder audit:

-   -   i. Occurrence. Transactions and events that have been recorded        have occurred and pertain to the entity.    -   ii. Completeness. All transactions and events that should have        been recorded have been recorded.    -   iii. Accuracy. Amounts and other data relating to recorded        transactions and events have been recorded appropriately.    -   iv. Cutoff. Transactions and events have been recorded in the        correct accounting period.    -   v. Classification. Transactions and events have been recorded in        the proper accounts.

b. Assertions about account balances at the period end:

-   -   i. Existence. Assets, liabilities, and equity interests exist.    -   ii. Rights and obligations. The entity holds or controls the        rights to assets, and liabilities are the obligations of the        entity.    -   iii. Completeness. All assets, liabilities, and equity interests        that should have been recorded have been recorded.    -   iv. Valuation and allocation. Assets, liabilities, and equity        interests are included in the financial statements at        appropriate amounts and any resulting valuation or allocation        adjustments are appropriately recorded.

c. Assertions about presentation and disclosure:

-   -   i. Occurrence and rights and obligations. Disclosed events and        transactions have occurred and pertain to the entity.    -   ii. Completeness. All disclosures that should have been included        in the financial statements have been included.    -   iii. Classification and understandability. Financial information        is appropriately presented and described and disclosures are        clearly expressed.    -   iv. Accuracy and valuation. Financial and other information are        disclosed fairly and at appropriate amounts.

SAS No. 106 provides that the auditor may use these relevant assertionsas described above or may express them differently provided aspectsdescribed above have been covered. Standard setting bodies other thanthe AICPA also refer to other assertions in grouping that are similar tobut that may differ from the grouping in SAS No. 106.

Assertions in the invention are summarized and presented in thefollowing six groupings: existence or occurrence, completeness, rightsand obligations, valuation and allocation, accuracy and classification,and cutoff.

FIG. 13 prompts the auditor to determine whether this audit area is asignificant audit area 133. A significant audit area 133 is an auditarea that contains a significant transaction class, a material accountbalance, requires significant disclosures, or contains a fraud risk orother significant risk.

Additionally, risks entered in FIG. 7 are displayed in the RiskAssessment Summary form of FIG. 13. These risks can be expanded bydouble-clicking the risk field. Only those risks that pertain to theaudit area will appear in FIG. 13 for that audit area (e.g., a risk offraud relating only to property will appear in FIG. 13 for that auditarea (e.g., a risk of fraud property category and not the cash or anyother category). A risk entered in FIG. 7 as a risk to the overallfinancial statements will appear in each category.

On FIG. 13 an auditor will then choose which audit approach to take. Thepresent invention contemplates a variety of audit approaches including alimited procedures audit approach, a basic procedures audit approach andan extended procedures audit approach. Based upon the informationinputted on the planning form, particularly the information inputtedunder the RMM, the risk assessment system will generate a suggestedaudit approach. In one manner of implementation, if any RMM assertion ishigh, an extended procedures audit will be suggested. Also, analternative audit approach may be carried out by presenting andselecting an audit approach other than the suggested approach.

The limited audit approach consists of preliminary analyticalprocedures, other risk assessment procedures, and final analyticalprocedures considered sufficient. No audit program will be created forthe audit area. This approach is not appropriate for significant auditareas. The basic audit approach is the audit that will be included inboth the basic and extended audit reports. The basic procedures auditwill include primarily substantive analytical procedures and certaintests of details required by auditing standards or regulations. Thisapproach ordinarily is not appropriate to respond to a fraud risk orother significant risk. The extended procedures audit approach includesthe basic procedures plus procedures for additional assurance related toassertions for which the auditor indicates there is a high RMM If thereis a moderate RMM, extended procedures will be suggested if fraud or anyother significant risks exist.

Risk Assessment Summary Forms exist for at least the categories cash,accounts receivables and sales, inventory and cost of sales, inventoryobservation, property, investments and derivatives, other assets,accounts payable and other liabilities, notes payable and long-termdebt, income taxes, equity, and incomes and expenses, overall financialrecords, but is not limited to these categories.

FIG. 14 depicts the risks entered in FIG. 7 as risks to the overallfinance statements. This screen permits an auditor to list proceduresrelating to that particular risk factor. Allowing for specificallyinputted risks gives the auditor flexibility in designing an auditprocedures.

FIG. 15 depicts the procedures generated by inputted data. The riskassessment system of the invention generates procedures utilizing alogic scheme wherein answers or responses input by the auditor are usedas input to the logic. The generation in this step is referred to as theautomatically generating step. An auditor can alter the procedures asgenerated by the system. The procedures are displayed in a nested formatusing boxes an auditor may click to display the nested information. Inthe right pane, all available audit procedures are listed. This paneincludes audit procedures included or excluded from the generatedprocedures in the center pane. Exclude procedures were excluded from thereport because in response to the answers inputted the program deemedthose procedures irrelevant. However, so that the auditor may have fullcontrol and ability to customize the report, the auditor may alter theprocedures by dragging those procedures from the right pane into thelist of procedures to perform in the center pane. Using drag and droptechnology, the auditor is able to determine where in the center panethe new procedures is displayed. If an auditor wishes to change thelocation of the procedure within the center pane (both thoseautomatically generated and those added by the auditor), the auditor candrag and drop that procedure into the right pane and that procedure willbe removed. Further, the user can reorder the procedures in the reportfrom this screen.

FIG. 16 depicts general procedures that are applicable to all audits.These procedures are displayed in the same structure as the steps ofFIG. 15. Similar to FIG. 15, an auditor may drag and drop new proceduresinto place into the primary screen of FIG. 16. Likewise, the auditor maydrag and drop procedures in FIG. 16 into the right pane to remove themfrom the audit report.

FIG. 17 depicts a diagnostic report. The diagnostic report of FIG. 17lists potential errors as a result of information inputted by theauditor including failure to answer any portion of a planning form orfailure to select an audit approach. This is especially useful becauseit alerts the auditor to issues that should be considered beforedocuments are generated in FIGS. 18 and 21. To correct these errors, auser may either click through the left pane's navigation panel, or usethe previous button.

FIG. 18 depicts the generated audit forms. The audit forms correspond tothe planning forms of FIGS. 6 and 8 through 13. An auditor may click onany of the forms to download a preview of the actual form.Alternatively, an auditor may click “Create e-Practice Aids” to generateaudit documents as shown in FIG. 20.

FIG. 19 depicts a preview of an audit form generated by the system.Software. The preview report generated allows the user to view the formbefore exiting the program. By creating the preview function, an auditorcan review the form to ensure that all elements needed are present.Because of the easy navigation through the program using either the leftpane or the “previous” button, an auditor can easily amend the formusing the system software. The preview report appears just as the actualform will appear when printed. The preview mode does not display thepractical considerations feature.

From FIG. 18, pressing the Create e-Practice Aids button will prompt auser to input a location to save the audit report forms. An auditor maychoose which report forms to create by selecting or deselecting thecheck box next to the form. A separate file will be created for eachform generated by the software. FIG. 20 depicts a folder containing allforms generated by the program.

FIG. 21 depicts the Generate Audit Programs screen. From here as in FIG.18, an auditor may preview the audit programs and create the programs byselecting the Create e-Practice Aids button.

FIGS. 22-26 are directed to illustrating an implementation of anengagement document placement system to assist entities andprofessionals in carrying out tax and accounting functions, such asaudits, internal controls, financial statements and reporting, and riskassessment. FIG. 22 illustrates a toolbar associated with an engagementsolution, such as Thomson Engagement CS™ solution, for providing anefficient tool to standardize procedures in tax and accountingapplications. The engagement solution is integrated with, for example, arisk assessment solution and other tax and accounting tools, such asThomson SMART e-Practice™ Aids, e-Tools™, e-Workpapers™, and Checkpoint®solutions, thereby marrying guidance and research products and tools toprovide a comprehensive engagement workflow management system. Theengagement solution also integrates, for example, with Microsoft Word®and Excel® products for data and document processing in creating andediting and accessing work-product associated with engagements. As shownin FIG. 22, a user activates button 2202 to launch or access a tax andaccounting solution, such as SMART e-Practice™ Aids, which isillustrated as opening in FIG. 23. FIG. 23 represents an exemplaryscreen with a default client engagement window. The user may thenactivate the “open” button to gain access to the in progress “SampleEngagement” engagement.

FIG. 24 shows a General Audit Programs screen, similar to that describedabove and shown in FIG. 21. From this screen, a user may select Auditareas of interest and work completed in the risk assessment solution ofthis example to generate programs and planning forms. As shown, the useractivates the “Create e-Practice Aids” button 2402. From the screen ofFIG. 24, pressing the Create e-Practice Aids button will cause theengagement document placement solution to automatically process the riskassessment generated documents and to electronically file the generateddocuments in the appropriate folder within the auditing system. Existingdocuments are replaced when required. FIG. 25 is a screenshot of anexemplary engagement document placement folder arrangement associatedwith the particular engagement, e.g., “Sample Engagement (Master).” FIG.26 represents a screenshot depicting the generated documents 2602, suchas planning procedures documents, as filed in the appropriate places,i.e. folders and subfolders, in this instance “Planning” folder. FromFIG. 26, a user, e.g., an auditor, is able to open and use the relevantgenerated documents in performing completing the engagement, e.g., anaudit.

The present invention is not to be limited in scope by the specificembodiments described herein, It is fully contemplated that othervarious embodiments of and modifications to the present invention, inaddition to those described herein, will become apparent to those ofordinary skill in the art from the foregoing description andaccompanying drawings. Thus, such other embodiments and modificationsare intended to fall within the scope of the following appended claims.Further, although the present invention has been described herein in thecontext of particular embodiments and implementations and applicationsand in particular environments, those of ordinary skill in the art willappreciate that its usefulness is not limited thereto and that thepresent invention can be beneficially applied in any number of ways andenvironments for any number of purposes. Accordingly, the claims setforth below should be construed in view of the full breadth and spiritof the present invention as disclosed herein.

1. A computer-implemented method for automatically generating andgrouping documents associated with a tax and accounting relatedengagement, the method comprising: (a) presenting by a display aplurality of financial audit items for verifying recorded financialitems and a set of risk levels associated with the plurality offinancial audit items; (b) receiving and processing by a processor a setof responses to the presenting step; (c) automatically generating by theprocessor a financial audit approach set for verifying recordedfinancial items based at least in part on the set of responses asreceived and processed in the receiving and processing step, thefinancial audit approach set including a suggested financial auditapproach and an alternative financial audit approach; (d) presenting forselection at least one financial audit approach from the financial auditapproach set; (e) automatically generating by the processor documentsrelated to verifying recorded financial items and associated with aselected financial audit approach; and (f) automatically grouping by theprocessor the automatically generated documents into one or more sets ofdocuments irrespective of a physical location of said documents, whereinthe one or more sets of documents are presented by the display.
 2. Themethod of claim 1 wherein the selected financial audit approach includesa set of at least one financial audit programs.
 3. The method of claim 2wherein the set of at least one financial audit programs includes a setof procedures based at least in part on the selected financial auditapproach.
 4. The method of claim 1 wherein the set of risk levels areassociated with a set of assertions associated with the plurality offinancial audit items.
 5. The method of claim 1 wherein theautomatically generating a financial audit approach set step comprisesdetermining a set of procedures based at least in part on the set ofresponses and wherein the selected financial audit approach includespresenting the set of procedures.
 6. The method of claim 1 furthercomprising editing the determined set of procedures from the generatingstep to result in a customized set of procedures.
 7. The method of claim1 further comprising presenting a set of electronic documents associatedwith the selected financial audit approach.
 8. The method of claim 1wherein the method is at least in part carried out using anInternet-based application or is Internet-enabled.
 9. The method ofclaim 1 wherein the method is at least in part carried out using adesktop application.
 10. A system adapted to automatically generate andgroup documents associated with a tax and accounting related engagement,the system comprising: (a) a computer having an associated memory,display, and input device and adapted to execute code; (b) a graphicaluser interface adapted to operate on the computer and adapted to presenta plurality of financial audit items for verifying recorded financialitems and a set of risk levels associated with the plurality offinancial audit items and adapted to receive a set of responses by theinput device; (c) a response code set adapted to be executed on thecomputer and adapted to receive and process the set of responses; (d) anaudit code set adapted to be executed by the computer and adapted toautomatically generate a financial audit approach set for verifyingrecorded financial items based at least in part on the set of responses,the financial audit approach set including a suggested financial auditapproach and an alternative financial audit approach; (e) a code setadapted to be executed on the computer and adapted to present forselection at least one financial audit approach from the financial auditapproach set; (f) a document generation code set adapted to be executedon the computer and to automatically generate documents related toverifying recorded financial items and associated with a selectedfinancial audit approach; and (g) a document placement code set adaptedto be executed on the computer and to automatically group theautomatically generated documents into one or more sets of documentsirrespective of a physical location of said documents.
 11. The system ofclaim 10 wherein the audit code set is further adapted to present by thegraphical user interface a set of procedures based at least in part onthe selected financial audit approach.
 12. The system of claim 10wherein the audit code set is further adapted to determine a set ofprocedures based at least in part on the set of responses.
 13. Thesystem of claim 10 wherein the audit code set is further adapted topresent a set of electronic documents associated with the selectedfinancial audit approach.
 14. The system of claim 10 wherein at leastsome of the code executed by the computer is Internet-based orInternet-enabled.
 15. The system of claim 10 wherein at least some ofthe code executed by the computer is a desktop application.
 16. Acomputer program for automatically generating and grouping documentsassociated with a tax and accounting related engagement, and embodied ina non-transitory computer-readable medium configured for execution on acomputer having an associated memory, display, and input device, thecomputer program comprising: (a) a graphical user interface adapted tooperate on the computer and adapted to present a plurality of financialaudit items for verifying recorded financial items and a set of risklevels associated with the plurality of financial audit items andadapted to receive a set of responses by the input device; (b) aresponse code set adapted to be executed on the computer and adapted toreceive and process the set of responses; (c) an audit code set adaptedto be executed by the computer and adapted to automatically generate afinancial audit approach set for verifying recorded financial itemsbased at least in part on the set of responses, the financial auditapproach set including a suggested financial audit approach and analternative financial audit approach; (d) a code set adapted to beexecuted by the computer and adapted to present for selection at leastone financial audit approach from the financial audit approach set; (e)a document generation code set adapted to be executed on the computerand to automatically generate documents related to verifying recordedfinancial items and associated with a selected financial audit approach;and (f) a document placement code set adapted to be executed on thecomputer and to automatically group the automatically generateddocuments into one or more sets of documents irrespective of a physicallocation of said documents.
 17. The method of claim 16, wherein theselected financial audit approach includes a set of at least onefinancial audit programs.
 18. The method of claim 17, wherein the set ofat least one financial audit programs includes a set of procedures basedat least in part on the selected financial audit approach.
 19. Thecomputer program of claim 16, wherein the graphical user interface isadapted to present a set of prompts designed to elicit the set ofresponses, the set of responses being associated with a set of risksassociated with a financial audit.
 20. The computer program of claim 16,wherein the audit code set is further adapted to present by thegraphical user interface a set of procedures based at least in part onthe selected financial audit approach.